Anyone who’s dealt with migrating AV infrastructure to the cloud knows it’s not as simple as flipping a switch. It’s a massive shift, and while it offers game-changing flexibility and scalability, it also brings some serious cybersecurity challenges. Moving from a system that’s locked down on-prem and staff-controlled to the public cloud means your data and systems are suddenly in a much more open environment—and that’s enough to make any security professional’s hair stand on end.
When AV infrastructure transitioned to IP transport, that was the first time we had to think about security differently. Now, with the cloud, it’s a whole new ballgame. You’ve got confidential data and mission-critical systems operating in a potentially public space.
[Cloud Power: The Evolution of Virtualized Production]
CIOs and CFOs love the cloud because it offers cost efficiencies and the flexibility of OPEX-driven tools. But the security teams? They’re often not as enthusiastic. They’re focused on keeping data safe, and that doesn’t always align with the real-time demands of AV production.
Identifying the Problem
This is also a problem in broadcast, but it's a much bigger problem in AV and internal production. In broadcast, there is always a risk benefit analysis. Broadcasters must produce content, and they have to be on the air. So, there is an absolute business case to find a sweet spot balance between having restrictive practices and being able to run its core business of actually making media.
In what have traditionally been referred to as corporate environments, that need for compromise isn't looked at in the same way. If you are a large corporation, your need to produce content from an extreme business case point of view is not the same as somebody who is producing content as the actual product.
Security isn’t just a box to check at the end of a deployment—it must be baked in from the start.
If I’m a broadcast call letter TV station, I can say with certainty that if we can't come to a reasonable perspective on how my cybersecurity practices are going to deploy, then we can't run that television station, which means It has no income whatsoever. At a big corporation, I don't have the same business case to take to the cybersecurity people and say, “Look, if we don't do this, our company can't achieve its primary goal.” And that can make it very difficult to come to a working solution.
The result? Delays. Building out a real-time AV infrastructure across the public cloud might only take 90 days, but getting the green light from the security team can easily take another year. Security teams often don’t understand the unique needs of real-time AV systems, and that’s where a lot of the friction can occur.
You’ve also got the question of trust. AV teams need real-time access to systems that security teams might see as vulnerable. This is where early communication becomes critical. Without it, you risk running into barriers that delay or derail projects entirely. Security isn’t just a box to check at the end of a deployment—it must be baked in from the start.
Why Systems Integrators Matter
This is where systems integrators like us come in. We’re the ones who navigate the maze of corporate security requirements while still delivering a system that works for AV.
The first step is always to sit down with the security team and figure out their rules. What are the governance standards? What’s allowed and what’s not? Without those answers upfront, you’re just setting yourself up for wasted time and frustration.
From a best practices point of view, you really want to look at it from the point of view of network performance requirements and security requirements. Work out the conflict between those two things before you start down the real system design process.
One of the first questions we ask clients is: What exactly are you trying to do with the cloud? Is it the best option for this application? And what would the partnership with a cloud vendor look like?
Once you've determined the goals that the client has from an a functional point of view, and then looked at that from the client’s security governance point of view, it is incumbent that you advise the client on what will be involved, as well as the potential risks, so they don't invest money in a project with you that at the far end they can't realize, because it doesn't meet the requirements of the company.
Measure Twice, Cut Once
A lot of the lesser-known issues around this are things like what transport protocols are allowed on the network and what kind of security methodologies are allowed for a VPN? You take that information, look at your design and determine if using those standards will meet the performance requirements for the system you've been tasked to build.
Next step is to calculate the upfront costs of a cloud-based system. The good news is that once you’ve run that gauntlet with your client, you have a guidepost of what's allowed and can work creatively to find where that adoption can be most useful.
Once you understand the client requirements, the first order of business is to understand the security concerns, then evaluate if the cloud is the right way to go. We need to determine if we’re talking about a private cloud inside the client’s data center or server room, or the public cloud in the form of Google, AWS, and Microsoft Azure. You can run the same technology using all. So, the question is, when we say the cloud, do we mean public cloud or software-defined workflows?
Typically, the first thing the folks in charge of cybersecurity with a large corporation will want to know about is the transport of content, how is it protected as it’s distributed, and how are assets stored. Once we answer those questions, we can make location decisions and evaluate those environments so that we mitigate the challenges of moving these workflows into a software defined infrastructure, whether it be on-prem or in the cloud.
The overall key is collaboration. Integrators have to bridge the gap between what the AV team needs and what the security team will allow. That often means a lot of back-and-forth discussions, tweaking designs, and even revisiting fundamental assumptions about the project. It’s not a quick process, but it’s essential to get right.
Balancing Security with Performance
Here’s the thing about cybersecurity: It’s not free. It costs you in performance. You only have so much bandwidth, and every layer of security you add takes a bite out of your bandwidth and compute power.
The more cybersecurity tools deployed, the slower the core application will run. In the AV world, where real-time performance is critical, that tradeoff cannot be ignored.
Take VPNs, for example. They’re great for creating a secure bubble, but they also add latency and are heavy on network resources. When you’re dealing with live production, those extra milliseconds can make a big difference. It’s all about finding the right balance, and that’s where upfront design work becomes so crucial.
This balancing act isn’t just about technology, it’s also about priorities. Security teams prioritize risk mitigation, while AV teams focus on performance. Finding common ground requires a clear understanding of each side’s goals and constraints. It’s not easy, but it’s possible with the right approach.
The Price of Failure
Let’s be honest: Cost is always a factor. Cloud migration isn’t cheap, especially when you factor in the time and effort it takes to get through all the security hurdles. But here’s the good news: Those costs are usually one-time expenses. Once you’ve gone through the process, you’ve got a roadmap for future projects. That said, it’s still our job as integrators to help clients weigh the financial and operational pros and cons upfront.
Cost concerns also tie back to scalability. One of the cloud’s biggest advantages is its ability to scale up or down based on demand. But that scalability comes at a price. Clients need to understand not just the upfront costs, but also the ongoing expenses of running a cloud-based system. That includes everything from storage and bandwidth to licensing fees and support contracts.
We’ve seen what happens when this stuff goes wrong. Not long ago, a major failure involving a cloud storage platform made headlines. Bugs in the system weren’t addressed, and when a minor failure occurred, it cascaded into a major disaster. Massive amounts of content that was thought to be stored safely was lost. It was a wake-up call: Redundancy isn’t optional, and you can’t rely on a single point of failure, even in the cloud.
Another example comes from live production. Imagine a virtual production control room running entirely in the cloud. It’s an elegant solution—until the network goes down. Without a backup plan, the entire production grinds to a halt. These real-world failures underline the importance of planning for the worst-case scenario. Redundancy, failover systems, and robust testing aren’t just nice-to-have, they’re essential.
Looking Ahead
The future of cloud-based AV workflows is exciting. We’re seeing advances in bandwidth and security tools that will make cloud deployments more flexible and secure. We’re going to see new methods of deploying software-defined workflows that will allow us to be more fluid when it comes to what lives on premise and what lives in the cloud.
[Tech Perspectives: Videoconferencing Industry in Same Sandbox but with Different Toys]
One of the biggest innovations on the horizon is the ability to dynamically allocate workflows between on-prem and cloud environments. Right now, you have to choose: Do you run your production control room in the cloud or on the ground? Soon, we’ll have the tools to make that decision on the fly based on the specific needs of a production.
Another area of innovation is hybrid cloud models. These setups allow organizations to combine the best of both worlds: the control and security of on-prem systems with the scalability and flexibility of the cloud. As tools and technologies mature, hybrid models will become more seamless, enabling organizations to optimize their workflows like never before.
Moving AV infrastructure to the cloud isn’t just a technical challenge, it’s a balancing act. You’ve got to consider security, performance, cost, and practicality. And you’ve got to bring the right people—from security teams to integrators—into the process early.
The cloud isn’t a shiny new toy anymore. It’s a mature, deployable technology that can deliver real business value when done right. As we continue to see innovations in this space, I’m optimistic about the future. With the right planning and tools, we can create AV systems that are not only secure but also flexible and efficient.
